Full Group Summary

Ensuring the security of your organisation involves efficient technology, yes, but also trained personnel who can make sense of the log data that is continuously accumulating, says Brendan Carroll.

With the rapid evolution of cyber capabilities and the increasing reliance on technology by corporations and government, processes have become more efficient, collaboration has been made simple, and flexibility and versatility have come to be regarded as cornerstones of successful IT departments. In order to prevent the exploitation of vulnerabilities within critical processes, however, one must be equipped with the right tools to detect, prevent and analyse any actual or attempted intrusions.

The products that we review this month fall into the categories of network and media forensic tools. These solutions provide a critical line of defence, allowing an organisation increased control over its network and the ability to analyse critical data stored on any digital medium.

Network forensic devices allow the traffic flowing over a network to be captured, logged and analysed. Features range from granular control mechanisms to automated reporting capabilities, providing a security team with all of the tools necessary to ensure the protection of its network.

While the devices we examined this month provide the capability to extract and analyse data, the true benefit an organisation will receive from these solutions depends on having strong policies in place, developed processes and a well-trained and experienced security team. Further, the raw data exchanged over any network can be critical to its security. This makes it necessary to have a forensic tool that captures and logs that data and, more importantly, a team that can analyse it and understand what it is they are looking for and guarding against.

In order to gain the best results from one's investment, the software should be implemented with several considerations in mind. Filters are necessary to refine data searches so that a user is not overwhelmed with unnecessary information. Contextual information about the network architecture should be provided in order to make analysis more efficient. Finally, if one is to make the investment in a network forensic product, training should be integrated into the organisation's deployment plan. Having a well-trained team that knows what it is looking for will increase the efficacy of the product and ensure the security of the organisation's network. With the proper organisational considerations and foundations, the deployment of a network forensic tool can strongly influence the evolution of the security standards a company has in place.

However, even the best forensic team must be equipped with the proper tools to do its job appropriately. Many investigative teams need to recover files that have been deleted or access specific files buried in the depths of a system's file structure. With forensic tools such as those we examine here, investigators have the ability to create an image of a digital storage medium, where they can then drill down and analyse the necessary data at a granular level. This kind of transparency enables a team to recover and analyse whatever information could be deemed a threat.

From malicious insiders to viruses, phishing scams and more, organisations' data faces a persistent threat of compromise. As a result, we are forced to remain ever vigilant for the next threat to our resources. There is no single solution, no single guarantee. Rather, each organisation has the responsibility to tailor its security to the values and corporate policies in place, and for each organisation there is a host of forensic products that may prove fitting.

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.